Why Can Only Certain Browsers Generate Automatic Keypairs?

In the world of PKI and SSL some certificate authorities use browsers such as Internet Explorer or Firefox to automatically generate keypairs to be used with Email-S/MIME Code Signing or Client Authentication Certificates. Not all Browsers have the capability to generate these keypairs due to licensing restrictions of the <keygen> and ActiveX controls that perform keypair creation in conjunction with operating systems restrictions.  <keygen> The HTML <keygen> is a licensed element used to facilitate generation of key material, and submission of the public key as part of an HTML form. This mechanism is designed for use with Web-based certificate management systems. Firefox is able to utilize the <keygen> and generate automatic keypairs because Firefox uses its own Keystores that do […]

Read More

Troubleshooting: Error: “java.lang.Exception: Input not an X.509 certificate.”

This Article consists of advanced troubleshooting to a very problematic issue that comes up with versions of Keytool when installing an SSL certificate. There can be numerous causes for this issue. By all normal means when following SSL Installation Instructions for Tomcat using pkcs7 or SSL Installation Instructions for Tomcat using x.509 the user should have a smooth installation, but user may receive the following error message. Issue: During installation of an SSL Certificate on a Tomcat/jBoss system you may get the following error using keytool: Error: “java.lang.Exception: Input not an X.509 certificate.” Causes: The cause of this error can happen for any of the following reasons. Your version of Tomcat keytool will not accept a pkcs7/.p7b format certificate. The certificate that you are […]

Read More

Keystore .jks Keytool – CSR Generation & SSL Installation Guide.

To generate a Certificate Signing Request (CSR) you will first need to create a keystore for your Oracle system. Oracle systems such as Tomcat or Web Logic use keystores for its certificate web server configurations. If you lose your keystore file or your password to access it your SSL Certificate will no longer match and you will need to replace the certificate. Note: Keystores created from an Oracle Keytool or Tomcat type environment can be heavily customized. Below are generalized instructions. The naming conventions of the files and alias names used can be specified to fit your own environment.  You will need to adjust these instructions appropriately. If you do not want to be thrown back into the stone age doing command line of a Keystore using keytool… […]

Read More

Tomcat using X509 – SSL Installation

Like the majority of server systems you will install your SSL certificate on the same server or keystore  where your Certificate Signing Request (CSR) was created. Your private key will always be left on and inside the  server system and keystore where the CSR was originally created. Your SSL certificate will not work without original keystore file. We will assume that this is the original system. Tomcat is a very customization environment below are generalized instructions, you will have to adapt these instructions to your own environment. If you lose your keystore file or your password to access it. your SSL Certificate will no longer match and you will need to replace the certificate. In order to install your Tomcat […]

Read More

Tomcat – CSR Instructions

To generate a Certificate Signing Request (CSR) you will first need to create a keystore for your Tomcat server. Tomcat uses keystores for its certificate web server configurations. If you lose your keystore file or your password to access it your SSL Certificate will no longer match and you will need to replace the certificate. Note: Tomcat is a very custom environment and your system may differ. Below are generalized instructions. The naming conventions of the files and alias names used can be specified to fit your own environment.  You will need to adjust these instructions appropriately. In order to generate a keystore for your Tomcat system perform the following instructions listed below. Step 1: Create a Keystore: Create a certificate keystore […]

Read More